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- The MAILING DATE of this communication appears n the cover sheet with the correspondence address - 
Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 . 1 36(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days wilt be considered timely. 

- If NO period for reply is specified above, the maximum statutory period wilt apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 1 33). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1 .704(b). 

Status 

1 )£<] Responsive to communication(s) filed on 4 August 2004 . 
2a)^ This action is FINAL. 2b)D This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 1 1 , 453 O.G. 213. 

Disposition of Claims 

4) ^ Claim(s) 1-34 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) ^ Claim(s) 1-34 is/are rejected. 

7) 0 Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10) £<] The drawing(s) filed on 24 March 2004 is/are: a)K accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

1 1) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 19(a)-(d) or (f). 
a)D All b)D Some * c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

2. D Certified copies of the priority documents have been received in Application No. . 

3. D Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 



Attachment(s) 

1) □ Notice of References Cited (PTO-892) 

2) O Notice of Draftsperson's Patent Drawing Review (PTO-948) 

3) □ Information Disclosure Statement(s) (PTO-1449 or PTO/SB/08) 
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4) O Interview Summary (PTO-413) 
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5) O Notice of Informal Patent Application (PTO-152) 
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DETAILED ACTION 

1 . In response to the most recent office action, Applicant has added claims 32-34. 
Claims 1-34 have been examined. 

Claim Objections 

2. Claim 33 is objected to under 37 CFR 1 .75(c), as being of improper dependent 
form for failing to further limit the subject matter of a previous claim. Applicant is 
required to cancel the claim(s), or amend the claim(s) to place the claim(s) in proper 
dependent form, or rewrite the claim(s) in independent form. The limitation recited in 
claim 33 is wholly encompassed in the first limitation of parent claim 1 . For purposes of 
the prior art search, this claim stands or falls with claim 1 . 

Claim Rejections - 35 USC § 101 

35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

3. Claim 32 is rejected under 35 U.S.C. 101 because the claimed invention is 
directed to non-statutory subject matter. The claim solely teaches to the manipulation of 
abstract data, and is not tangibly embodied. 
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Claim Rejections - 35 (JSC §112 

4. All previous rejections under 35 U.S.C. 112, first paragraph have been 
withdrawn. 

The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

5. Claims 1-17, 22-31, and 33 are rejected under 35 U.S.C. 112, second paragraph, 
as being indefinite for failing to particularly point out and distinctly claim the subject 
matter which applicant regards as the invention. 

Regarding claims 1,7, 13, 22, and 26, the term "...content that is designed to 
constitute..." renders the claims indefinite because its makes it unclear as to whether 
the content must actually be one of the enumerated types of attack patterns. For 
purposes of the prior art search, it is being presumed that the pattern being search for is 
in fact one of the listed types of patterns. 

Claims 2-6, 8-12, 14-17, 23-25, 27-31, and 33 depend from rejected claims 1,7, 
13, 22, and 26 and include all the limitations of those claims, thereby rendering those 
dependent claims indefinite. 



Claim Rejections - 35 USC § 102 
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The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(e) the invention was described in a patent granted on an application for patent by another filed in the 
United States before the invention thereof by the applicant for patent, or on an international application 
by another who has fulfilled the requirements of paragraphs (1), (2), and (4) of section 371(c) of this 
title before the invention thereof by the applicant for patent. 

The changes made to 35 U.S.C. 102(e) by the American Inventors Protection Act 
of 1999 (AIPA) and the Intellectual Property and High Technology Technical 
Amendments Act of 2002 do not apply when the reference is a U.S. patent resulting 
directly or indirectly from an international application filed before November 29, 2000. 
Therefore, the prior art date of the reference is determined under 35 U.S.C. 102(e) prior 
to the amendment by the AIPA (pre-AlPA 35 U.S.C. 102(e)). 

6. Claims 32 and 34 are rejected under 35 U.S.C. 102(e) as being anticipated by 
U.S. Patent No. 5,884,033 to Duvall et al. 

As per claim 32, Duvall defines a plurality of unwanted input strings to be filtered 
(see column 3, line 64 to column 4, line 1 1), a search pattern that permits variability, can 
search a portion of the string, and has wildcard characters (see column 6, lines 28-42), 
receives an input string on a web server (see column 8, lines 18-27), evaluates 
(screens) the strings, and takes remedial action if necessary, including denying the 
request (see column 6, line 60 to column 7, line 13). The patterns described in Duvall 
(see column 6, lines 35-42) constitute a regular expression. 
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Regarding claim 34, the program is loaded into a computer running an operating 
system such as Windows 95; this can only be done if the program is retrieved from a 
computer-readable medium (see column 10, line 64 to column 11, line 20). 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

7. Claims 1-11 and 13-30, and 33 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over U.S. Patent No. 5,884,033 to Duvall et al. in view of US. Patent No. 
6,421,781 toFoxetal. 

Regarding claims 1, 2, 6, 18, and 33, Duvall defines a plurality of unwanted input 
strings to be filtered (see column 3, line 64 to column 4, line 1 1 ), a search pattern that 
permits variability, can search a portion of the string, and has wildcard characters (see 
column 6, lines 28-42), receives an input string on a web server (see column 8, lines 18- 
27), evaluates the strings, and takes remedial action if necessary, including denying the 
request (see column 6, line 60 to column 7, line 13). 

Duvall only discloses the use of the invention for the filtering of URL's that are 
related to material that is objectionable, depending upon the user's tastes and 
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sensitivities (see column 2, lines 12-20). The filtering of attacks on a system, such as a 
disclosure attack, integrity attack, or a denial of service attack, is not disclosed. 

Fox discloses the parsing and checking of an incoming URL against a list of 
acceptable domains and variations thereof, and notes that this protects against denial- 
of-service attacks (see column 11, line 15 to column 14, line 4). 

Therefore it would have been obvious to one of ordinary skill in the art at the time 
the invention was made to use the invention of Duvall by checking a URL against 
domain names, as disclosed by Fox, in order to protect against abusive denial-of- 
service attacks. 

As per claims 3 and 19, the patterns described in Duvall (see column 6, lines 35- 
42) constitute a regular expression. 

As per claims 4 and 20, Duvall discloses that the input string may be a URL (see 
column 5, lines 66-67). 

As per claims 5 and 21 , Duvall discloses that the input string may be an HTTP 
verb request, such as a GET request (see column 6, lines 19-25). 

As per claims 7-10, 13-16, 26, 27, 29, and 30, Duvall discloses that the search 
patterns may be stored in RAM (see column 3, lines 45-49). 

As per claim 1 1 , Duvall discloses that the product may be patched onto an 
application that is already running (see column 9, line 14 to column 11, line 20). 

As per claims 17 and 22-25, the program is stored in a public directory (on a 
disk) before being installed (see column 10, lines 64-66). 

As per claim 28, the list of patterns may be edited (see column 8, lines 1-9). 
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8. Claims 12 and 31 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over U.S. Patent No. 5,884,033 to Duvall et al. in view of US. Patent No. 6,421,781 to 
Fox et al. as applied to claims 7 and 26 above, and further in view of Oliver et al., 
"Building a Windows NT 4 Internet Server", 1996, p. 203. 

The system disclosed in Duvall may be implemented on a server and that it uses 
an API (see column 10, lines 59-63), but Duvall and Fox do not specifically disclose that 
it uses ISAPI. 

Oliver states that ISAPI (which stands for Internet Server API), which is an API 
native to the Microsoft® Internet Information Server, allows programmers to create 
server applications that take advantage of the web server and is tightly linked to the 
operating system. 

Therefore, it would have been obvious to one having ordinary skill in the art at 
the time the invention was made to implement the system of Duvall and Fox by using a 
reliable and well-supported API such as the Microsoft® ISAPI, as disclosed in Oliver, 
when implementing the system disclosed by Duvall and Fox on a Windows NT server. 

Response to Arguments 

9. Applicant's arguments, see Remarks, filed 4 August 2004, with respect to the 
rejections under 35 U.S.C. 112, first paragraph have been fully considered and are 
persuasive. The rejections under 35 U.S.C. 112, first paragraph have been withdrawn. 
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10. Applicant's arguments filed 4 August 2004 with respect to the rejections under 35 
U.S.C. 112, second paragraph and 35 U.S.C. 103 have been fully considered but they 
are not persuasive. 

1 1 . Regarding the rejections under 35 U.S.C. 1 1 2, second paragraph (see Remarks, 
p. 11), content that is "designed to constitute" something may or may not actually 
constitute it, depending on the quality of the design. It is therefore uncertain that the 
limitations subsequently recited would actually be part of the invention, thereby making 
the claims indefinite. 

It is agreed that the remainder of the limitation after "designed to constitute" is a 
Markush group. 

The rejection is therefore proper. 

12. In response to applicant's argument with respect to the rejections under 35 
U.S.C. 103 (see Remarks, pp. 18-37) that there is no suggestion to combine the 
references, the examiner recognizes that obviousness can only be established by 
combining or modifying the teachings of the prior art to produce the claimed invention 
where there is some teaching, suggestion, or motivation to do so found either in the 
references themselves or in the knowledge generally available to one of ordinary skill in 
the art. See In re Fine, 837 F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 1988)and In re 
Jones, 958 F.2d 347, 21 USPQ2d 1941 (Fed. Cir. 1992). In this case, Duvall discloses 
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all of the limitations of the claimed invention, save for the use of the invention for 
screening URLs for particular kinds of attacks. Applicant is also reminded that Duvall 
does disclose a server-side application, and provides for the use of variable strings. Fox 
discloses such an application and the motivation is sufficient to suggest to one skilled in 
the art to attempt to use Duvall's mechanism for detecting denial-of-service attacks. It is 
not necessary to modify Duvall's invention for the teachings of Fox beyond this 
suggested use. A prima facie case thus exists and the rejections are therefore proper. 



Conclusion 



13. Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 
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14. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Matthew E. Heneghan, whose telephone number is 
(571 ) 272-3834. The examiner can normally be reached on Monday, Tuesday, 
Thursday, and Friday from 8:30 AM - 4:30 PM Eastern Time. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gregory Morse, can be reached at (571) 272-3838. 

Any response to this action should be mailed to: 

Commissioner of Patents and Trademarks 
P.O. Box 1450 
Alexandria, VA 22313-1450 
Or faxed to: 



Any inquiry of a general nature or relating to the status of this application or 
proceeding should be directed to the receptionist whose telephone number is (571 ) 272- 
2100. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). A 



(703) 872-9306 
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